• Inject a sidecar using KubeMod

    3 min read

    admission controller sidecar KubeMod

    Using a webhook we can mutate Kubernetes objects when they are inserted to the cluster. But using a mutating operator can save us the trouble of having to actually code how the object needs to be patched

    27/09/2021

    Read more...
  • Kubernetes Mutating Webhook: Patch a Kubernetes Pod on the fly - the hard way

    6 min read

    Mutating Webhook admission controller MutatingWebhookConfiguration

    To be able to modify a request to the Kubernetes API server prior to persist the object (to, for example, inject a sidecar) we can use a Mutating Webhook. The admission controller makes a requests using all the MutatingWebhookConfiguration objects that matches the request and processes them in serial:

    apiVersion: admissionregistration.k8s.io/v1
    kind: MutatingWebhookConfiguration
    (...)
    

    Let's take a look on how to configure a mutating webhook from scratch

    12/08/2021

    Read more...
  • kubernetes: enforce resource limits using LimitRange

    3 min read

    LimitRange enforce kubernetes resource limits

    If we want to make sure the resources for a given namespace are controlled yet we want to be able to give full control to whoever is creating objects in that namespace, we can use LimitRange to enforce some resource constraints:

    • We can enforce a minimum and maximum (and it's default value) for compute resources per Pod or Container or storage request per PersistentVolumeClaim in the namespace
    • We can also enfornce a ratio between request and limit for a resource (so that we are not abusing the control setting limits that are too wide) Set default request/limit for compute resources in a namespace and automatically inject them to Containers at runtime.

    This is implemented as an admission controller that observes the incoming requests and makes sure that it does not violate any of the constraints enumerated in the LimitRange object within it's namespace.

    02/06/2021

    Read more...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets